The secure mobile communication relay of the present invention may comprise: a baseband processing unit for the baseband modulation/demodulation of the mobile communication signal transmitted between a terminal and a mobile communication network base station so as to extract baseband data; a control unit for analyzing the baseband data and permitting or rejecting the relay of the baseband data based on the result of a determination of whether or not a set security policy has been violated; a storage unit for storing information for setting the security policy; and a firewall function unit for determining, based on the instructions of the control unit, whether or not the packet data included in the baseband data violates the security policy.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A secure mobile communication relay, comprising: one or more units stored in memory, configured and executed by a hardware processor using an algorithm, the algorithm which when executed, causing the processor to perform the one or more units, the one or more units comprising: a baseband processing unit for the baseband modulation/demodulation of the mobile communication signal transmitted between a terminal and a mobile communication network base station so as to extract baseband data; a control unit for determining whether or not a set security policy has been violated, the determination being performed by analyzing the baseband data and the control unit for determining whether to permit or reject the relay of the baseband data based on the determination; a storage unit for storing information for setting the security policy; and a firewall function unit for determining, based on instructions of the control unit, whether or not the packet data included in the baseband data violates the security policy, wherein in response to determination of the packet data to be violating the security policy, the control unit operates to transmit a PDP context deactivation request signal to the terminal and the mobile communication network base station.
2. The secure mobile communication relay of claim 1, wherein the storage unit further stores firewall selection information designating through which one of the firewall function unit and an external firewall equipment the determination of whether or not a set security policy has been violated is to be performed, and wherein the control unit operates so as to provide the packet data to at least one of the firewall function unit and the external firewall equipment, in accordance with the firewall selection information.
3. The secure mobile communication relay of claim 1, wherein, in case the security policy is set up to not permit a wireless packet data service, the control unit operates to transmit a service option negotiation rejection signal to the terminal, when the baseband data received from the terminal includes a service option negotiation request signal.
4. The secure mobile communication relay of claim 1, wherein the control unit stores an identification number of the terminal when the terminal requests for a service option negotiation request, and wherein, if the packet data is determined to be violating the security policy, the control unit operates so as to transmit the PDP context deactivation request signal to the terminal based upon the stored identification number of the terminal.
5. In a secure mobile communication relaying method using a secure relay relaying a mobile communication signal between a terminal and a mobile communication network base station, the secure relay comprises: storing information for setting a security policy; acquiring a result of a determination of whether or not a set security policy has been violated with respect to packet data included in the baseband data, wherein the baseband data are acquired by performing baseband modulation/demodulation on the mobile communication signal; permitting relay of the baseband data in response to determination of the data not to be violating the security policy; and in response to determination of the packet data to be violating the security policy, transmitting a PDP context deactivation request signal to the terminal and the mobile communication network base station.
6. The method of claim 5, further comprising: storing firewall selection information designating through which one of the firewall function unit embedded in the secure relay and an external firewall equipment the determination of whether or not a set security policy has been violated is to be performed; and providing the packet data to at least one of the firewall function unit and the external firewall equipment, in accordance with the firewall selection information.
7. The method of claim 5, further comprising: transmitting a service option negotiation rejection signal to the terminal, when the baseband data received from the terminal includes a service option negotiation request signal, in case the security policy is set up to not permit a wireless packet data service.
8. The method of claim 5, further comprising: storing an identification number of the terminal when the terminal requests for a service option negotiation request; and transmitting the PDP context deactivation request signal to the terminal based upon the stored identification number of the terminal, if the packet data is determined to be violating the security policy.
September 11, 2012
January 3, 2017